ERROR: ssl certificate doesn't exist: C:\Users\xxxx\AppData\Local\Barrier\SSL\Barrier.pem #1952

Open
411621 opened this issue Jul 7, 2023 · 10 comments

@411621

411621 commented Jul 7, 2023

What happened?

On desktop and on laptop same error:
ERROR: ssl certificate doesn't exist: C:\Users\xxxx\AppData\Local\Barrier\SSL\Barrier.pem

Version

v2.4.0

Git commit hash (if applicable)

No response

If applicable, where did you install Barrier from?

Chocolatey

What OSes are you seeing the problem on? (Check all that apply)

Windows

What OS versions are you using?

22H2 19045.3155

Relevant log output

1] ERROR: ssl certificate doesn't exist: C:\Users\Robert\AppData\Local\Barrier\SSL\Barrier.pem
[2023-07-07T15:26:47] INFO: OpenSSL 1.0.2l  25 May 2017
[2023-07-07T15:26:47] ERROR: ssl certificate doesn't exist: C:\Users\Robert\AppData\Local\Barrier\SSL\Barrier.pem
[2023-07-07T15:27:03] INFO: OpenSSL 1.0.2l  25 May 2017
[2023-07-07T15:27:03] ERROR: ssl certificate doesn't exist: C:\Users\Robert\AppData\Local\Barrier\SSL\Barrier.pem
[2023-07-07T15:27:19] INFO: OpenSSL 1.0.2l  25 May 2017
[2023-07-07T15:27:19] ERROR: ssl certificate doesn't exist: C:\Users\Robert\AppData\Local\Barrier\SSL\Barrier.pem
[2023-07-07T15:27:35] INFO: OpenSSL 1.0.2l  25 May 2017
[2023-07-07T15:27:35] ERROR: ssl certificate doesn't exist: C:\Users\Robert\AppData\Local\Barrier\SSL\Barrier.pem
[2023-07-07T15:27:51] INFO: OpenSSL 1.0.2l  25 May 2017
[2023-07-07T15:27:51] ERROR: ssl certificate doesn't exist: C:\Users\Robert\AppData\Local\Barrier\SSL\Barrier.pem
server status: active

Any other information

Barrier.pem does not exist

@mml

mml commented Jul 8, 2023

I am getting essentially the same message on Debian Bookworm running 2.4.0. Barrier worked fine on Debian bullseye (this was apparently 2.3.3).

@NaokiS28

I was getting the same error on macOS Ventura and Windows 11. If it's an acceptable workaround in your case, you can disable SSL by opening Barrier's settings and unchecking "Use SSL". I did that on both machines and it works again. I understand it's less secure, but then in a private instance it's probably fine.

@tralves

tralves commented Jul 15, 2023

Hi! I have SSL Fingerprint: Disabled both on MacOS and Win 11 and I have the same error.

@Pegase01

Same for me between 2 Macs:
Mac OS Monterey 12.6.7 and Mac OS Ventura 13.4.1 (ARM)
Not able to deactivate SSL but this should not be the problem.
Application Support/barrier/ssl doesn't contain any certificate

  • I have a failed to connect secure socket with SSL error occurred

@videoMonkey

I was experiencing this on my Linux Debian Bookworm flatpak and my Windows 10 computer. I don't know why, but I found some clues in this thread that led me to be able to resolve it on both platforms. On the Arch wiki linked above it says

Note: Barrier v2.4.0 introduced a new keyfile format, which requires a SHA256 fingerprint and "v2:sha256:$fingerprint" formatted lines. For older versions, make sure the fingerprints are SHA1 and do not include a prefix.

and proceeds to suggest the following commands

$ mkdir -p ~/.local/share/barrier/SSL/Fingerprints;
$ openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout ~/.local/share/barrier/SSL/Barrier.pem -out ~/.local/share/barrier/SSL/Barrier.pem;
$ fingerprint=$(openssl x509 -fingerprint -sha256 -noout -in ~/.local/share/barrier/SSL/Barrier.pem | cut -d"=" -f2);
$ echo "v2:sha256:$fingerprint" > ~/.local/share/barrier/SSL/Fingerprints/Local.txt;

Being on flatpak, I had to change ~/.local/share/barrier/SSL/ to the one I found listed in the Barrier logs in all the commands. I don't remember what it was at this point.

Windows was a little trickier: I had to download the openssl.cnf from this repo and copy it to C:\OpenSSL\ssl\openssl.cnf and then I ran the following command

& 'C:\Program Files\Barrier\openssl.exe' req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout "C:\Users\<user>\AppData\Local\Barrier\SSL\Barrier.pem" -out "C:\Users\<user>\AppData\Local\Barrier\SSL\Barrier.pem"

Now things are working. I don't know why cert gen isn't working in this release; that would be the real solution, but until then, this is what I did to get things going. I am using this on the office network with ~20 other users on the network and I don't want my input unencrypted.

@Amagnum

Amagnum commented Aug 26, 2023

The above one works! Just make sure to write the commands correctly!

@Pegase01

The above one works! Just make sure to write the commands correctly!

I do confirm : it works 👍 !
thanks @videoMonkey and @Amagnum

The only thing was that Barrier didn't accept to run anymore (but I migrated my OS from Monterey to Ventura in between) - it was just starting and disappearing.
I had to do another copy of the barrier.app from the downloaded .dmg to Application Folder and to follow this post: #1945
Now SSL is enabled on my server (I should finish the test when I have my other computer back).

@gbicann

gbicann commented Sep 6, 2023

A macOS workaround is here.

@hi-ko

hi-ko commented Oct 18, 2023

On Windows just use the ssl generate PowerShell script from #1377 (comment) to generate the missing SSL cert:

$cert = New-SelfSignedCertificate -DnsName Barrier -KeyExportPolicy Exportable

# Public key to Base64
$CertBase64 = [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')

# Private key to Base64
$RSACng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$KeyBytes = $RSACng.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob)
$KeyBase64 = [System.Convert]::ToBase64String($KeyBytes, [System.Base64FormattingOptions]::InsertLineBreaks)

# Put it all together
$Pem = @"
-----BEGIN PRIVATE KEY-----
$KeyBase64
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
$CertBase64
-----END CERTIFICATE-----
"@

# Output to file
$Pem | Out-File -FilePath $env:LOCALAPPDATA\Barrier\SSL\Barrier.pem -Encoding Ascii
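
An added example, not part of the thread or of the Barrier project: a POSIX shell check for a Barrier.pem produced by either workaround above, confirming that the file exists, holds a matching key and certificate, is not readable by other users, and that Fingerprints/Local.txt carries its SHA-256 fingerprint in the "v2:sha256:" format quoted from the Arch wiki. It assumes openssl is on the PATH; the function names and return codes are made up for illustration.

```shell
# Added example, not Barrier project code. Function names and return codes
# are illustrative assumptions; requires openssl on PATH.

# Print the Local.txt line for a certificate in the v2 format quoted above.
barrier_fp_line() {
    fp=$(openssl x509 -fingerprint -sha256 -noout -in "$1" 2>/dev/null | cut -d"=" -f2)
    [ -n "$fp" ] || return 1
    printf 'v2:sha256:%s\n' "$fp"
}

# check_barrier_ssl <ssl-dir>: 0 if usable, else a distinct non-zero code.
check_barrier_ssl() {
    pem="$1/Barrier.pem"
    trust="$1/Fingerprints/Local.txt"

    # 1: the file named in the "ssl certificate doesn't exist" error is absent
    [ -f "$pem" ] || { echo "missing: $pem"; return 1; }

    # 2: Barrier.pem must hold both the private key and the certificate
    { grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" &&
      grep -q -e 'PRIVATE KEY-----' "$pem"; } ||
        { echo "key or certificate block missing in $pem"; return 2; }

    # 3: the file contains a private key, so group/other need no access
    case $(ls -ld "$pem") in
        -???------*) ;;
        *) echo "permissions too open; chmod 600 $pem"; return 3 ;;
    esac

    # 4: the key and the certificate must be a pair
    cert_pub=$(openssl x509 -noout -pubkey -in "$pem" 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -pubout -in "$pem" 2>/dev/null) || key_pub=
    { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "private key does not match certificate"; return 4; }

    # 5: Local.txt must hold this certificate's SHA-256 fingerprint
    want=$(barrier_fp_line "$pem") || return 5
    { [ -f "$trust" ] && [ "$(cat "$trust")" = "$want" ]; } ||
        { echo "expected '$want' in $trust"; return 5; }

    echo "ok: $want"
}
```

Pass the SSL directory that the Barrier log reports, for example `check_barrier_ssl ~/.local/share/barrier/SSL`.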

@jhgorse

jhgorse commented Oct 31, 2023

Duplicate. #231

See this comment for the known fixes: #231 (comment)
